VOL-3464: DHCP packets can be trapped to ONOS without Authentication
- ACLs can be sometimes have very broad classifiers to work around the limited number
of ACLs that can be installed on the BAL. This would mean that unwanted
packets can sometimes be trapped to host and could be used by the end user
for DDoS attacks by sending spurious packets that match broad classifier BAL ACLs.
This patch introduces some very low level checks on the trapped packets
at the openolt agent application. The packets could be trapped at the application
as a result of broad level BAL ACL classifiers, but the application
does more low checks derived from VOLTHA flow and only then allows the packets to
VOLTHA system if the low checks pass.
- Update BUILDING.md with details of installing PcapPlusPlus library.
- Bump version to 3.1.0
Change-Id: I53eee968c51659c31353eeb5d8d4e144a443c293
diff --git a/agent/test/Makefile b/agent/test/Makefile
index e54da02..56bcce7 100644
--- a/agent/test/Makefile
+++ b/agent/test/Makefile
@@ -32,11 +32,11 @@
CXX = g++
CXXFLAGS += -g -O2
-CXXFLAGS += `pkg-config --cflags-only-I grpc++`
+CXXFLAGS += `pkg-config --cflags-only-I grpc++` -I/usr/local/include/pcapplusplus/
CPPFLAGS += `pkg-config --cflags protobuf grpc`
CXXFLAGS += -std=c++11 -fpermissive -Wno-literal-suffix
CXXFLAGS += -DTEST_MODE -DENABLE_LOG
-LDFLAGS += -lpthread -lm `pkg-config --libs protobuf grpc++ grpc` -ldl -lgpr
+LDFLAGS += -lpthread -lm `pkg-config --libs protobuf grpc++ grpc` -ldl -lgpr -lPcap++ -lPacket++ -lCommon++
CXXFLAGSDEVICE = -I../device -I../device/$(OPENOLTDEVICE)
export CXX CXXFLAGS OPENOLT_PROTO_VER